I just wanted to bring to attention some rather dubious coding practices in Sugar that I have come across.
The most recent of which has been hiding content based on style display attributes particularly with reference to users and passwords.
Basically a reasonably computer-literate person can open a firebug-equiped browser, change the display settings inline and modify their security settings and preferences.
I am starting to see this in multiple places and it is not good practice. The bottom line is if you don't want content to be seen, don't send it to the browser.
I appreciate that there are circumstances for using this method but surely not where security is concerned.
Anyone else have an opinion or thoughts about this?